Security Basics mailing list archives
Re: Re: Why NOT to disable Real Time Antivirus on Servers
From: Warren V Camp <wcamp () cox net>
Date: Thu, 3 Nov 2005 18:50:08 -0500
At minimum you need AV protection on your file and email servers. Email servers should be inspecting all incomming and out going mail. A new virus may strike and infect a PC before AV protect is available from the vendor. How can you ensure that the AV safeguards on PCs are current and operating effectively in order to be certain that servers won't be affected.
From: Kenton Smith <listsks () yahoo ca> Date: 2005/11/02 Wed PM 05:47:28 EST To: george.peek () gmx net, security-basics () securityfocus com Subject: Re: Why NOT to disable Real Time Antivirus on Servers Aside from the standard defense-in-depth arguments what about worms? I don't have any case studies and since you're arguing with an engineer you'll need plenty, however... His argument is only holding true if you consider email-borne viruses. If there is a self-propagating worm, it is going to hit anything that will let it. Now I know that anti-virus isn't the best way to combat worms; it can still save your bacon. Particularly on a server that has to have some common open ports (25,110, etc). Plus what if someone puts an outside machine on your internal network? If that machine is infected with a worm it's going to go straight for your unprotected servers. Another argument for an Exchange server is that you don't have RT scanning your Exchange folders anyway. At least Symantec tells you not to do this, I'm sure that other vendors do as well. If you do that, then all your RT anti-virus is doing is watching for other file changes on your server and there shouldn't be very many of those. Unless your servers are severely underpowered, why would you not run it just for the added safety? Kenton --- george.peek () gmx net wrote:Greetings, An Engineer and I are having an argument about keeping Real Time Antivirus disabled on servers. His point is keeping Real Time Antivirus Enabled on servers such as the Exchange Server takes a huge performance hit on the server. My argument is that keeping real time antivirus software disabled defeats the purpose of PREVENTING a server from being infected in the first place. Once it is infected, it is all too late already. The antivirus software is enabled on the workstations. He argues that since all of the workstations have the antivirus enabled, then there is no way for the virus to get in. Mine argument that a virus can still get in through other means. I need examples and case studies to refer to. I would like to find different case studies or scenarios where the real time antivirus was disabled on the servers, enabled on the PCs, and the company still got infected. Also, would like to find solutions to enabling real time scan and stream lining it so it does not affect the Exchange Server as bad. Would someone point me in the right direction or post potential case studies. Please post or email me. George.peek () gmx net Thank You__________________________________________________________ Find your next car at http://autos.yahoo.ca
Current thread:
- Re: Why NOT to disable Real Time Antivirus on Servers, (continued)
- Re: Why NOT to disable Real Time Antivirus on Servers Micheal Espinola Jr (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Anton Muthu Kumar B (InfoSec) - CTD, Chennai (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Kirk Brady (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Nick Duda (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Steven Jones (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers THAVEEWAT VASAVAKUL (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers barcajax (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Herbold, John W. (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Steven Jones (Nov 04)
- Message not available
- RE: Why NOT to disable Real Time Antivirus on Servers Pranav Lal (Nov 07)
- Message not available
- Re: Re: Why NOT to disable Real Time Antivirus on Servers Warren V Camp (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Dunigan, Michael (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers DMORROW5 (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Zoran Marjanovic (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Depp, Dennis M. (Nov 04)
- Re: RE: Why NOT to disable Real Time Antivirus on Servers barcajax (Nov 07)